Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DRAFT] Implement PKCS7_verify, update PKCS7_sign #1993

Draft
wants to merge 8 commits into
base: main
Choose a base branch
from
Draft

[DRAFT] Implement PKCS7_verify, update PKCS7_sign #1993

wants to merge 8 commits into from

Conversation

WillChilds-Klein
Copy link
Contributor

DO NOT MERGE. THIS IS JUST A CI PLACEHOLDER.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license and the ISC license.

@codecov-commenter
Copy link

codecov-commenter commented Nov 14, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 70.22059% with 162 lines in your changes missing coverage. Please review.

Project coverage is 78.90%. Comparing base (ab8953b) to head (59a15a7).

Files with missing lines Patch % Lines
crypto/pkcs7/pkcs7.c 64.14% 128 Missing ⚠️
crypto/pkcs7/pkcs7_x509.c 55.93% 26 Missing ⚠️
crypto/test/test_util.cc 66.66% 4 Missing and 3 partials ⚠️
include/openssl/pkcs7.h 0.00% 1 Missing ⚠️
Additional details and impacted files 
@@           Coverage Diff            @@
##             main    #1993    +/-   ##
========================================
  Coverage   78.89%   78.90%            
========================================
  Files         595      595            
  Lines      102451   102915   +464     
  Branches    14527    14626    +99     
========================================
+ Hits        80827    81202   +375     
- Misses      20976    21062    +86     
- Partials      648      651     +3

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚨 Try these New Features:

@WillChilds-Klein WillChilds-Klein mentioned this pull request Nov 15, 2024
Merged
@WillChilds-Klein WillChilds-Klein changed the title [DO NOT MERGE] Ruby/PKCS7 integration CI checks [DRAFT] Implement PKCS7_verify, update PKCS7_sign Nov 18, 2024
@samuel40791765 @WillChilds-Klein
Add integration script for ruby 3.1
417ec6d
@samuel40791765 @WillChilds-Klein
update ruby patch file
abd026b
@samuel40791765 @WillChilds-Klein
save temporary stuff
4fcac03
@samuel40791765 @WillChilds-Klein
temporary updates
d434122
@samuel40791765 @WillChilds-Klein
update patch for updated symbols
c517378
@samuel40791765 @WillChilds-Klein
add support for EVP_PKEY_CTX callback functions
16ccdba 
(cherry picked from commit f8a47bb166c73cebeaa412844b901bfd4846b51f)
@samuel40791765 @WillChilds-Klein
Add support for EVP_PKEY_CTX callback functions (aws#1905)
7a4f2ed 
We tried to no-op these functions, but it turns out Ruby depends on them
pretty extensively as the interruption mechanism for threads. One of
Ruby's tests depends on `EVP_PKEY_CTX_get_app_data` to return an
actual value from the callback function, but we return NULL as a no-op. Ruby
seems to depend on the `EVP_PKEY` callback function and relevant
application data to correctly handle interruptions. Based on the relevant
commit messages, the expectation is that the operation is interrupted, but
AWS-LC continues resuming the operation and returns a generated RSA key.
It looks like we may have to consider implementing functionality for
these callback functions. This issue also applies to a test failure in
`test/openssl/test_pkey_dh.rb` and `test/openssl/test_pkey_dsa.rb`. We
probably aren't going to support DSA, but this will need to be applied
to DH somewhere down the line.

* Commits:
* ruby/openssl@88b90fb
* ruby/ruby@d3507e3

new test that verifies this works with `EVP_PKEY_RSA`

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license and the ISC license.
@WillChilds-Klein
Implement PKCS7_verify, update PKCS7_sign
59a15a7 
PKCS7_dataInit and PKCS7_dataFinal compile with some caveats

Fix build, disable some tests

Minor fixups and stubs to let ruby tests run against PKCS7 work

Add PKCS7_encrypt/decrypt functions, no compile

Imported remaining encrypt/decrypt code, tests run

All (hopefully) required PKCS7_verify code added, tests running 6 fail

Rebase fixups

Fixed parsing errors, adjust test patch with note

- [indefinite (original)][1]
- [definite (post-patch)][2]

[1]: https://lapo.it/asn1js/#MIIDawYJKoZIhvcNAQcDoIIDXDCCA1gCAQAxggEQMIIBDAIBADB1MHAxEDAOBgNVBAoMB2V4YW1wbGUxFzAVBgNVBAMMDlRBUk1BQyBST09UIENBMSIwIAYJKoZIhvcNAQkBFhNzb21lb25lQGV4YW1wbGUub3JnMQswCQYDVQQGEwJVUzESMBAGA1UEBwwJVG93biBIYWxsAgFmMA0GCSqGSIb3DQEBAQUABIGAbKV17HvGYRtRRBNz1QLpW763UedhVj5KXi70o4BJGM04lItAgt6aFC9SruZjpWr1gCYKCaRSAg273DeGTQwsDoZ86CPXzBpptYLz0MteQXYYWUaPZT-xmvx4NgDyk9P9MoT7JifsPrtXuzqCRFXhGdu8d_ru-OWxhHLvKH-bYekwggI9BgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECBNs2U5mMsd_gIICGFOnLq_EAc9Nv-HjKR3ZVPSJMq0TImjGf5Mvc3nDgI572Hdo2aku0YXM6WjSWkpYtxpg7Cqxfl6hPSefLPUnBqlIoM2qbrE7MSKEVD6-2bW9GqYPFVg4qQLLsOxnxJIMfOvLFfd7guL-iLH424XfiUUxaf8EdZE4u2IEl4REvkS1FoEGwyA4BEGMSeVPedQCbZ0qY7Pc2tmZE3XfEUhIsyStG0Nb6i6AKcAFYGapbgE6kAB0gwsYcHlWMOvsvdAfcTq6jwtHlO1s68qtvkWquTQ9lpX-fzddUUNxEHSqv5eU3oo6fT3Vj5ZFIVlaA5ThZMrI5PgRPuwJM4GL8_VLwY5mbDLFqn_irGeEvP99J3S87ornLLunjpxSy1_AymcVep2H32Tj82WS_IRQXBOzz4EnQRJGszKxAV6tY-Zje3sWyTTgObhlsiTQTDgnvtSW8RvVHqKrwgkxxEsRHg7u8UdzZ0jg-O5-3F8B6_NWMyts0OaFqT9wvI8yO7VIy3dUtGdz7Hde6Ggp_iTn1LbgdJ3N8Hzxf1j6NMWUKHVsadvwpRJbUeqq9c3-QuxsJi8wWemxxQCE-tPyc1dP-ej5_M7bERbSOHMGgX03758IvP7A_fy2DjGPv2-lAwlEke0Uze1367QKgxM0nc3SZDlptY7zPIJC5saWXb8Rt2bw2JxEBOTavrp-ZwJ8tcH961onq8Tme2ICaCzk
[2]: https://lapo.it/asn1js/#MIIDcQYJKoZIhvcNAQcDoIIDYjCCA14CAQAxggEQMIIBDAIBADB1MHAxEDAOBgNVBAoMB2V4YW1wbGUxFzAVBgNVBAMMDlRBUk1BQyBST09UIENBMSIwIAYJKoZIhvcNAQkBFhNzb21lb25lQGV4YW1wbGUub3JnMQswCQYDVQQGEwJVUzESMBAGA1UEBwwJVG93biBIYWxsAgFmMA0GCSqGSIb3DQEBAQUABIGAbKV17HvGYRtRRBNz1QLpW763UedhVj5KXi70o4BJGM04lItAgt6aFC9SruZjpWr1gCYKCaRSAg273DeGTQwsDoZ86CPXzBpptYLz0MteQXYYWUaPZT-xmvx4NgDyk9P9MoT7JifsPrtXuzqCRFXhGdu8d_ru-OWxhHLvKH-bYekwggJDBgkqhkiG9w0BBwEwFAYIKoZIhvcNAwcECBNs2U5mMsd_gIICHgSCAhBTpy6vxAHPTb_h4ykd2VT0iTKtEyJoxn-TL3N5w4COe9h3aNmpLtGFzOlo0lpKWLcaYOwqsX5eoT0nnyz1JwapSKDNqm6xOzEihFQ-vtm1vRqmDxVYOKkCy7DsZ8SSDHzryxX3e4Li_oix-NuF34lFMWn_BHWROLtiBJeERL5EtRaBBsMgOARBjEnlT3nUAm2dKmOz3NrZmRN13xFISLMkrRtDW-ougCnABWBmqW4BOpAAdIMLGHB5VjDr7L3QH3E6uo8LR5TtbOvKrb5Fqrk0PZaV_n83XVFDcRB0qr-XlN6KOn091Y-WRSFZWgOU4WTKyOT4ET7sCTOBi_P1S8GOZmwyxap_4qxnhLz_fSd0vO6K5yy7p46cUstfwMpnFXqdh99k4_NlkvyEUFwTs8-BJ0ESRrMysQFerWPmY3t7Fsk04Dm4ZbIk0Ew4J77UlvEb1R6iq8IJMcRLER4O7vFHc2dI4PjuftxfAevzVjMrbNDmhak_cLyPMju1SMt3VLRnc-x3XuhoKf4k59S24HSdzfB88X9Y-jTFlCh1bGnb8KUSW1HqqvXN_kLsbCYvMFnpscUAhPrT8nNXT_no-fzO2xEW0jhzBoF9N--fCLz-wP38tg4xj79vpQMJRJHtFM3td-u0CoMTNJ3N0mQ5abWO8zyCQubGll2_Ebdm8NicRATk2r66fmcCfLXB_etaJ6sECMTme2ICaCzk

Passing all self-imposed unit tests!

Fix digest test case, down to 3 failing ruby tests (SMIME failure expected)

Fix encrypt/decrypt, new test passes

Skip SMIME ruby test

Added auth test, cert/signature verification still failing

Fix auth test, but need to implement default non-detached sign for ruby test

Root and leaf use different keys in tests

Signed test tests non-detached, fix sign init bug

Fix detached signing cleanup, all ruby tests pass!

Some updates pursuant to PR 1816

DELETEME: temporarily skip some tests

Bring in prior PR changes, fix sign tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@WillChilds-Klein @codecov-commenter @samuel40791765